Upgrade to Pro — share decks privately, control downloads, hide ads and more …

January 2021: Azure IaC with Terraform by Jonas Wanninger

January 2021: Azure IaC with Terraform by Jonas Wanninger

Unfortunately, there is no video recording for this session. :-(

In this session we are going to look at how you can use Terraform for your Azure Infrastructure-as-Code deployments. Terraform is a tool for building, changing and versioning infrastructure safely and efficiently. It can be used for various cloud providers and even in-house solutions.

In this session we take a look at how Terraform IaC works and compare it to ARM templates.

Bio:
Jonas is a consultant at Trivadis Germany GmbH in Munich. His focus is on the architecture and implementation of Azure Cloud infrastructures. He focuses on automation using Infrastructure as Code, CI/CD and Cloud Security. Jonas has been able to demonstrate his expertise in the implementation of complex Azure projects in numerous projects. Jonas is also a regular speaker in the Azure area. His field of activity also includes planning and implementation of high availability concepts, performance tuning and automation in the area of Microsoft SQL Server.

You can find him at: https://www.linkedin.com/in/jonas-wanninger

0754d30f3acc99a940aebdcd49d5af97?s=128

Azure Zurich User Group

January 19, 2021
Tweet

Transcript

  1. MS Azure Zürich User Group IAC Episode 3 Terraform Strikes

    Back! Jonas Wanninger
  2. Jonas Wanninger Consultant and Cloud Architect • Azure (Automation, Architecture

    and Security) • Development (.NET, PowerShell, SQL) • Microsoft SQL Server • Microsoft Certified Trainer https://www.linkedin.com/in/jonas-wanninger-0a4833139/
  3. Terraform Strikes Back?! VS

  4. Why is IaC cool? Provides consistency across all deployments and

    stages Version control Faster deployments and recovery Just in time deployments
  5. First things First: Terraform Overview • Company: Hashicorp • Open

    Source • based on Azure SDK for GO! • Cloud vendor independent
  6. Terraform Cloud Consistent and reliable deployment environment Shared state and

    secret data Approving changes to infrastructure, A private registry for modules Terraform Enterprise is the Self Hosted version of the Terraform Cloud
  7. resource "azurerm_resource_group" "rg" { name = "myTFResourceGroup" location = "westus2"

    } HCL Introduction <BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" { # Block body <IDENTIFIER> = <EXPRESSION> # Argument } Overall Syntax Example
  8. First things First: Terraform Workflow Write Code Init Terraform Validate

    Plan Apply Get Happy!
  9. DEMO

  10. Terraform files terraform.tfstate terraform.tfvars main.tf

  11. Advanced Terraform Topics: The Statefile Terraform always keeps track of

    your infrastrucuture Contains sensitive data in clear text Stored locally Not great for working in teams Shows your entire cloud infrastructure Including security issues ;)
  12. Advanced Terraform Topics: The Statefile • Remote Backend are the

    solution e.g Azure Blob Storage • Encrypted • Locking mechanism state.tfstate Authenticate to storage account (e.g with SP or MSI) Gets decrypted while Terraform works with it On the Storage Accounts its encrypted again.
  13. Advanced Terraform Topics: Keeping Your Secrets

  14. Advanced Terraform Topics: Keeping Your Secrets

  15. Advanced Terraform Topics: Keeping Your Secrets

  16. Advanced Terraform Topics: Keeping Your Secrets

  17. Advanced Terraform Topics: Keeping Your Secrets • Tool Recommendation •

    GitHub: mozilla / sops • Encrypts and decrypts variable files on the fly • Encryption Keys can be kept in an Azure Key Vault • Encrypted Terraform variable file can be checked in Version Control Pull Code incl. encrypted variables files from source control Decrypt variables file Terraform deployment Delete files from deployment server
  18. Advanced Terraform Topics: Dependency Graph Terraform plan •Create Dependency Graph

    •Can be saved Terraform apply •Traverses dependency graph Depends On •Dependencies can be manually specified but that's not necessary
  19. When to Use Terraform When to Use ARM? – Speed

    ARM Templates o directly talk to the ressource manager o Can parallelize work Terraform o In most cases slower o No parallelism, just for depdendency traversal
  20. When to Use Terraform When to Use ARM? - Features

    ARM Templates o Always has the latest Azure features (previews) o Lacks Code management fatures and modularization o Manual dependency management o Especially annoying since you sometimes run into limitations e.g V-NET Terraform o Depends on the Azure SDK for GO! o More features towards code modularization and dynamic code functions o Automatic dependency management o No history tracking in Azure
  21. When to Use Terraform When to Use ARM? – Use

    Cases Use Case Go With Need newest features? ARM Deployment times are critical? ARM Infrastructure is quite simple? ARM Infrastructure is complex? Terraform Hybrid Cloud capablitiy is important? Terraform
  22. Contact: jonas.wanninger@trivadis.com Thank you for attending! Stay Healthy!